Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

Cited by: 0
Authors
Valdevit, Thierry [1]
Mayer, Nicolas [1]
Barafort, Beatrix [1]
Affiliation
[1] CRP Henri Tudor, L-1855 Luxembourg, Luxembourg
Keywords
Information security; ISO/IEC; 27001; SME; implementation guide;
DOI
Not available
Chinese Library Classification (CLC) number
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting an SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.
Pages: 201 - 212
Number of pages: 12
Related papers
50 items in total
  • [31] Managing critical information infrastructure security compliance: A standard based approach using ISO/IEC 17799 and 27001
    Jayawickrama, Wipul
    [J]. On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, Pt 1, Proceedings, 2006, 4277 : 565 - 574
  • [32] Information security objectives and the output legitimacy of ISO/IEC 27001: stakeholders’ perspective on expectations in private organizations in Sweden
    Yasmin Kamil
    Sofia Lund
    M Sirajul Islam
    [J]. Information Systems and e-Business Management, 2023, 21 : 699 - 722
  • [33] Developing an ISO27001 Information Security Management System for an Educational Institute: Hashemite University as a Case Study
    Itradat, Awni
    Sultan, Sari
    Al-Junaidi, Maram
    Qaffaf, Rawa'a
    Mashal, Feda'a
    Daas, Fatima
    [J]. JORDAN JOURNAL OF MECHANICAL AND INDUSTRIAL ENGINEERING, 2014, 8 (02): : 102 - 118
  • [34] Supporting the Development and Documentation of ISO 27001 Information Security Management Systems through Security Requirements Engineering Approaches
    Beckers, Kristian
    Fassbender, Stephan
    Heisel, Maritta
    Kuester, Jan-Christoph
    Schmidt, Holger
    [J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, 2012, 7159 : 14 - +
  • [35] Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation
    Beckers, Kristian
    Fassbender, Stephan
    Heisel, Maritta
    Schmidt, Holger
    [J]. 2012 SEVENTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES), 2012, : 242 - 248
  • [36] Policies based on ISO 27001: 2013 and its influence on information security management in municipalities of Peru
    Bustamante Garcia, Shonerly
    Valles Coral, Miguel Angel
    Cuellar Rodriguez, Immer Elias
    Levano Rodriguez, Danny
    [J]. ENFOQUE UTE, 2021, 12 (02): : 69 - 79
  • [37] INTEGRATION OF THE GDPR REQUIREMENTS INTO THE REQUIREMENTS OF THE SR EN ISO/IEC 27001:2018 STANDARD, INTEGRATION SECURITY MANAGEMENT SYSTEM IN A SOFTWARE DEVELOPMENT COMPANY
    Gaspar, Mirabela Luciana
    Popescu, Sorin Gabriel
    [J]. ACTA TECHNICA NAPOCENSIS SERIES-APPLIED MATHEMATICS MECHANICS AND ENGINEERING, 2018, 61 (03): : 85 - 96
  • [38] Information security failures identified and measured - ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis
    Suorsa, M.
    Helo, P.
    [J]. INFORMATION SECURITY JOURNAL, 2024, 33 (03): : 285 - 306
  • [39] Enhanced Information Security Management System Framework Design Using ISO 27001 And Zachman Framework A Study Case of XYZ Company
    Aginsa, Andre
    Edward, Ian Yosef Matheus
    Shalannanda, Wervyan
    [J]. 2016 2ND INTERNATIONAL CONFERENCE ON WIRELESS AND TELEMATICS (ICWT), 2016, : 62 - 66
  • [40] General Considerations on Risk Management and Information System Security Assessment According to ISO/IEC 27005:2011 and ISO 31000: 2009 Standards
    Firoiu, Marian
    [J]. QUALITY-ACCESS TO SUCCESS, 2015, 16 (149): : 93 - 97